I am having a recurring issue where a single Roundcube user (not always the same) can flood the server with http requests. Server load slowly continues to increase over several hours, then abruptly drops back to normal levels (presumably because the user eventually closes the browser).

/usr/local/cpanel/logs/access_log contains thousands of entries similar to these:

So it appears that both Roundcube developers and cPanel staff are aware of the issue and that it will eventually be resolved. My question is, what should I do to mitigate this until cPanel releases with a version of Roundcube that does not have this problem?

As it is, it seems that a single Roundcube user who gets into this error and leaves Roundcube running for an extended period of time can eventually bring the server to a halt (WHM 11.32.5 build 13).

After reviewing the bug report that you provided, I located an internal case as well regarding this. We have notified the developers of Roundcube about this particular issue. While Roundcube has issued a patch, we are still in the testing phase of this before it is released. I won't be able to provide a timeframe for when this will be resolved, but it is slated for an upcoming release. Once this has been resolved it will appear in our Change Log. You are able to view this here: Change Logs and reference case 62001.

In the meantime, if anyone has any suggestions how to mitigate this issue, I'd be happy to hear from you. I'd hate to have to disable Roundcube and upset my mail users.

I'm having the same problem. Disabling Roundcube, doing /scripts/cleanphpsessions, /scripts/cleansessions, /scripts/cleanopenwebmail, deleting session files, restarting services, etc. had no effect. I had to resort to firewalling off the offending IP from the webmail port. There has to be a better way to mitigate this issue?